web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager...
6.8AI Score
0.006EPSS
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....
9.8CVSS
9.4AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6)...
5.7AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id...
5.7AI Score
0.002EPSS
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized...
6.7AI Score
0.007EPSS